Credo AI Risk Scenario & Control Library

An overview of Credo AI's out-of-the-box risk scenarios and controls.

Overview

Credo AI’s Risk and Control Libraries are designed to make AI governance more intuitive and actionable for organizations at all maturity levels. These assets reflect our commitment to providing clear, practical tools for managing AI risk and compliance.

AI Risk Scenario Library

In Credo AI v17.0, we deprecated our old risk scenarios in favor of a restructured Risk Library to provide comprehensive coverage while eliminating overlap and confusion. The previous library drew from multiple sources, which led to duplication, varying levels of abstraction, and an unnecessarily large and difficult-to-use library.

The new risk scenario library synthesizes all previous risk scenarios and is designed to be mutually exclusive and collectively exhaustive. We have aimed for a practical and widely applicable approach while maintaining the specificity necessary to identify risk-mitigating actions. Specifically, the new library contains:

  • 15 Clear Risk Types. These are the high-level categories under which all risk scenarios are organized:
    • Security
    • Privacy
    • Legal
    • Operational
    • Performance & Robustness
    • Third Party
    • Fairness & Bias
    • Explainability & Transparency
    • Malicious Use
    • Human-AI Interaction
    • Information Integrity
    • Harmful Content
    • Environmental Harm
    • Societal Impact
    • AI Agency
  • 50 Specific Risk Scenarios. Some examples include:
    • Integration challenges with existing systems (Operational Risk)
    • Black box decision-making (Explainability & Transparency Risk)
    • Lack of robustness (Performance & Robustness Risk)
    • Disparate model performance (Fairness & Bias Risk)
    • Compromised confidential information (Security Risk)
    • Insufficient upstream transparency (Third Party Risk)
    • Dangerous or violent content (Harmful Content Risk)
  • Enhanced Descriptions: Each Risk Scenario now includes:
    • Mapping to relevant risk-mitigating controls
    • Practical examples
    • Potential consequences
    • Contributing factors
    • Affected stakeholders

Enhanced Control Framework

The Control Library has been updated to provide clearer guidance and more practical implementation steps. It is designed to cover every risk scenario in the Risk Library. That is, each Risk Scenario in the library can be mitigated by applying at least one control, ensuring that this library covers the full spectrum of AI risks.

In addition, the library was created with regulatory compliance in mind. The same controls used for risk mitigation will eventually be used for regulatory compliance as well (see the Looking Ahead section). For now, the main benefits are:

  • A manageable set of 42 controls: Together, these 42 controls cover all of the risk scenarios.
  • Direct Risk Mapping: Each control is mapped to the risks it helps mitigate.
  • Practical Implementation Steps: Detailed guidance is broken down into actionable tasks.